Unsolved

This post is more than 5 years old

37 Posts


March 1st, 2019 10:00

Appweb < 7.0.3 authCondition Authentication Bypass Vulnerabi

Appweb < 7.0.3 authCondition Authentication Bypass Vulnerability

Description: According to its banner, the version of Appweb installed on the remote host is prior to 7.0.3. It therefore has a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types. Note that Nessus did not actually test for this issue, but instead has relied on the version in the server's banner.

Solution: Upgrade to Appweb version 7.0.3 or later.

Output:
Version source : Mbedthis-Appweb/2.4.2
Installed version : 2.4.2
Fixed version : 7.0.3


March 1st, 2019 10:00

This is from an iDRAC scan.


March 1st, 2019 11:00

Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

I am also getting this error.
